I am a senior financial services regulatory specialist with a particular focus on advising firms who are digitally transforming the way financial services are being delivered.
On 3 February 2025, the FCA published a Dear CEO letter which outlines the key priorities and expectations for firms within the regulator’s payments portfolio, including those authorised or registered under the Payment Services Regulations 2017 (PSRs) or the Electronic Money Regulations 2011 (EMRs). The letter emphasises the importance of innovation, competition, and security in the payments ecosystem as set out by the National Payments Vision and sets out three primary outcomes that firms are expected to achieve. These priorities and expectations have been strong areas of focus for the FCA over the last few years, but the letter will be helpful in focusing the regulatory priorities of management and key compliance and risk functions within payment firms. Also, the letter demonstrates the FCA’s ongoing efforts to promote its position as a regulator aiming to create space for firms to innovate in the payments and e-money sector. An example of this is the review of strong customer authentication procedures. It will be interesting to see how the FCA balances its competition and innovation objectives against ongoing risks it has identified relating to safeguarding, financial crime and third party operational risk resilience.
The letter reveals that a significant proportion of UK payments firms must do more to implement the Consumer Duty and that the FCA will take appropriate action against firms that consistently fail to meet its standards or demonstrate reasonable steps to ensure remediation.
In regard to fraud, the FCA are working with the Payment Systems Regulator to monitor firm compliance with APP fraud rules, and will be engaging with firms to ensure good consumer outcomes for victims of APP fraud. For unauthorised fraud, firms should show the same diligence as with APP fraud.
The FCA have also seen weaknesses in some firms’ technological resilience, in some cases, coupled with a lack of oversight of change programmes, which has resulted in weakened resilience and/or business interruption.
Key outcomes
Outcome 1: Effective Competition and Innovation to meet customers’ needs, characteristics and objectives
Innovation Support: The FCA states that it is committed to supporting firms in innovating for the benefit of consumers and markets. This includes offering services through the Innovation Hub and Early and High Growth Oversight function.
Consumer Duty: Firms are expected to implement the Consumer Duty effectively, ensuring products and services deliver good customer outcomes and act in customers' best interests.
Foreign Exchange Pricing: The FCA will assess the clarity of foreign exchange pricing in payment services to ensure consumers understand the costs.
Outcome 2: Firms do not compromise financial system integrity
Financial Crime: Firms must enhance their financial crime controls to instil trust and confidence in the market. This includes effective governance and systems to prevent financial crime.
Operational Resilience: Firms should ensure their governance and systems are robust to withstand operational disruptions. The transitional period for new operational resilience rules ends on 31 March 2025.
Outcome 3: Firms keep customers’ money safe
Safeguarding: Firms must safeguard customer funds in compliance with the PSRs and EMRs and guidance set out in the Approach Document. This includes identifying relevant funds, maintaining accurate records, and considering safeguarding insurance.
Prudential Risk Management: Firms should manage prudential risks effectively, ensuring regulatory capital requirements are met and financial resources are adequate. Firms need to ensure that they are managing their regulatory capital requirements on an ongoing basis working across finance, risk and compliance.
Wind-down Planning: Effective wind-down plans should be in place to ensure orderly business closure if necessary. This is to help ensure that customers receive their funds back as soon as possible which has not been the case with those payment firms going into insolvency.
Governance, oversight and leadership to help achieve outcomes
Firms must ensure governance, oversight, and leadership are effective and proportionate to their business's nature, scale, and complexity. This includes firms that have arrangements with agents or distributors ensuring that they have put in place robust agent and distributor oversight and compliance arrangements to meet regulatory requirements. Further, the FCA has reiterated a core threshold condition for authorisation that a UK-authorised payment institution or e-money institution must have its head office in the UK. The directors and other senior management who make decisions relating to the firm’s central direction, and the material management decisions of the firm on a day-to-day basis, should be based in the UK head office. Although this will come as no surprise to most payment firms, it is interesting that the FCA has reiterated this basic condition of authorisation, perhaps identifying that there are some firms that are not maintaining an adequate management team that is based in the UK.
Preparing for the future
The FCA encourages engagement with future policy development to ensure regulation is fit for purpose. Again, the FCA appears to be keen to ensure that its proposed changes to the regulatory framework are proportionate and agile for firms developing and launching payments products, but that there is effective regulation of risks to ensure customers are protected and to reduce risks to the financial market caused by firms entering a disorderly wind-down.
The FCA’s work on variable recurring payments as a pilot for the roll out of wider Open Finance premium API use cases is a priority, and it is working with the PSR to deliver Phase 1 as soon as possible whilst progressing work on wider e-commerce uses. This is at the same time as we are seeing other sectors trying to explore similar frameworks in the energy and utilities sector as a result of the Smart Data Act published at the end of last year.
Throughout this year, the FCA will engage with industry, consumer organisations, and other stakeholders on its approach to replacing the SCA, including on the contactless limits. This includes moving the technical standards into the rulebook, including safeguarding requirements being moved into CASS.
Next steps
Firms and their Boards are expected to discuss the letter and take necessary actions to deliver the outlined outcomes. The FCA will engage with firms to ensure compliance. Firms should be prepared to ensure they are meeting the outcomes outlined in the letter as the FCA will be engaging with firms to ensure they are complying with the regulatory requirements raised in the letter.